Search for packages
| purl | pkg:maven/org.eclipse.jetty/jetty-deploy@9.4.32 |
| Tags | Ghost |
| Next non-vulnerable version | 9.4.51.v20230217 |
| Latest non-vulnerable version | 12.0.1 |
| Risk | 1.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kxtv-ma18-8fer
Aliases: CVE-2021-28163 GHSA-j6qj-j888-vvgq |
Directory exposure in jetty ### Impact If the `${jetty.base}` directory or the `${jetty.base}/webapps` directory is a symlink (soft link in Linux), the contents of the `${jetty.base}/webapps` directory may be deployed as a static web application, exposing the content of the directory for download. For example, the problem manifests in the following `${jetty.base}`: ```$ tree demo-base/ demo-base/ ├── etc ├── lib ├── resources ├── start.d ├── deploy │ └── async-rest.war └── webapps -> deploy ``` ### Workarounds Do not use a symlink |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T16:56:23.629472+00:00 | GHSA Importer | Affected by | VCID-kxtv-ma18-8fer | https://github.com/advisories/GHSA-j6qj-j888-vvgq | 38.1.0 |
| 2026-04-02T12:38:10.342602+00:00 | GitLab Importer | Affected by | VCID-kxtv-ma18-8fer | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.jetty/jetty-deploy/CVE-2021-28163.yml | 38.0.0 |